This bug report was migrated from our old Bugzilla tracker.

These attachments are available in the static archive:

• Reproducing crash (main.cpp, text/plain, 2010-07-01 02:10:29 +0000, 573 bytes)
• patch for sdlgenaudiocvt.pl (sdlgenaudiocvt.diff, text/plain, 2010-12-15 07:41:49 +0000, 2233 bytes)

Reported in version: HG 2.0
Reported for operating system, platform: Windows 7, x86

Comments on the original bug report:

On 2010-07-01 02:09:21 +0000, Mārtiņš Možeiko wrote:

When converting AUDIO_S16, 16kHz, 1 channel audio to AUDIO_S16, 44.1kHz, 2 channel crash occurs in SDL_ConvertAudio function. Crash happens somewhere in SDL_Upsample_S16LSB_2c function.

I'm using MSVC2008 to build SDL from hg.

Code to reproduce crash is attached. Same code with SDL-1.2.14 runs fine and prints out: "Converted from 10 to 40"

On 2010-07-01 02:10:29 +0000, Mārtiņš Možeiko wrote:

Created attachment 513
Reproducing crash

On 2010-12-15 07:41:49 +0000, wrote:

Created attachment 549
patch for sdlgenaudiocvt.pl

On 2010-12-15 07:45:25 +0000, wrote:

Reproducible here under Windows and Linux. Looking at the code for SDL_Upsample_S16LSB_2c:

const int dstsize = (int) (((double)cvt->len_cvt) * cvt->rate_incr);
Sint16 *dst = ((Sint16 *) (cvt->buf + dstsize)) - 2;
const Sint16 *target = ((const Sint16 *) cvt->buf) - 2;
while (dst > target) {
dst[1] = ((Sint16) SDL_SwapLE16(sample1));
dst[0] = ((Sint16) SDL_SwapLE16(sample0));
dst -= 2;
...

if dstsize is odd (and therefore dst), it'll write to target[1] which is one byte before the allocated buf.

The attached patch to sdlgenaudiocvt.pl changes dst > target to dst >= target, and removes the - $channels for the upsample case. The patch is not fully tested, but seems to work here.

On 2012-01-08 14:11:28 +0000, Sam Lantinga wrote:

Looks good, thanks!
http://hg.libsdl.org/SDL/rev/ba275696ab7a